I agree that apps should not be breaking the network layer model by bypassing
the local DNS setup.

I kind of think that the browsers were already telling their masters what
you do by other means. This is just another attempt at it.

Maybe the way to address this is to ask Mozilla/Google for a central
/etc/firefox.conf to be able to make that local admin choice. Or something
similar.

I see your point,
-T

On Sun, Dec 29, 2019, 03:48 Russell Senior <[email protected]> wrote:

> I can see one way: often your DNS is going through a local resolver. The
> off-site traffic is combined with other client devices before the ISP gets
> a gander at it. The application making the choice of who to ask (often
> without the user's real understanding about that choice) isn't an automatic
> win.
>
> For me personally, I'm a little concerned about not having a way of telling
> local users that I know more about how to look up a particular domain
> (which might resolve to a local address when you are on my network) than the
> browser vendor. There is a mechanism for opting out which I haven't tried
> yet. There isn't really a good mechanism for saying you trust your local
> network administrator (who I generally trust) more than your ISP (who I
> don't trust to not spy on me).
>
> It's a sticky problem.
>
> On Sat, Dec 28, 2019 at 7:37 PM Tomas Kuchta <[email protected]> wrote:
>
> > Could you explain in detail why/how, with DNS over HTTPS, you would "not
> > recommend using it. It's just a way for data-mining
> > companies to suck up more of your private life"?
> >
> > The way I understand it, it is meant to provide privacy from your ISP and
> > traffic observation along the way to the DNS. It should not make anything
> > else worse/better.
> >
> > Thanks,
> > Tomas
> >
> > On Sun, Dec 29, 2019, 03:01 Tom <[email protected]> wrote:
> >
> > > On Wed, 25 Dec 2019 20:14:00 -0800
> > > "Mike C." <[email protected]> wrote:
> > >
> > > > > Has anyone dug into this much or is anyone actually using it?
> > > >
> > > > It's experimental in Chrome but not currently available in the .deb
> > > > version.
> > > >
> > > > > Apparently, it has been a Firefox feature for a few years, but Chrome
> > > > > has been my browser of choice for many years now.
> > > >
> > > > > OpenWrt supports DoH through DNSMasq and HTTPS-DNS-Proxy. Which is
> > > > > nice because then all your LAN / WLAN devices can use it after
> > > > > setting it up once, and it makes troubleshooting any problems related
> > > > > to it much easier.
> > > >
> > > > > I know a few years ago, DNSMasq was pretty standard on Ubuntu / Debian
> > > > > based distros. Which makes me think there's probably an HTTPS-DNS-Proxy
> > > > > package for most Linux distros.
> > > > _______________________________________________
> > > > PLUG mailing list
> > > > [email protected]
> > > > http://lists.pdxlinux.org/mailman/listinfo/plug
> > >
> > > I would not recommend using it. It's just a way for data-mining
> > > companies to suck up more of your private life. There's no security or
> > > reliability to it over normal DNS. In fact, the security and
> > > reliability is worse.
> > >
> > > --
> > > _______________________________________________
> > > PLUG mailing list
> > > [email protected]
> > > http://lists.pdxlinux.org/mailman/listinfo/plug
> > >
> > _______________________________________________
> > PLUG mailing list
> > [email protected]
> > http://lists.pdxlinux.org/mailman/listinfo/plug
> >
> _______________________________________________
> PLUG mailing list
> [email protected]
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug

Reply via email to